On Fri, Jan 18, 2019 at 11:41:00PM +0300, Vitaly Chikunov wrote: > > a) RSA verify works differently (is it just disguised encrypt), > b) We have separate wrapper module for it (pkcs1pad). Thus: > > Old API can not be removed. In other words, we can not replace > .verify_rsa with .verify in these drivers or PKCS1 will not work. > > We can replace .verify_rsa with .verify in pkcs1pad, but there is no > need for that if we stay with two API calls, which we can't avoid. I think having two API calls during a transition period is fine. But it must not be the long-term outcome. In order to keep existing drivers working, I think we should make the API wrap the legacy verify_rsa and implement verify directly on top of it. IOW the driver remains unchanged for now but the crypto API code should provide a verify API that is implemented on top of the driver's verify_rsa call. Cheers, -- Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
